{"id":13039,"date":"2018-08-08T11:00:16","date_gmt":"2018-08-08T19:00:16","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2018\/08\/08\/news-6806\/"},"modified":"2018-08-08T11:00:16","modified_gmt":"2018-08-08T19:00:16","slug":"news-6806","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2018\/08\/08\/news-6806\/","title":{"rendered":"One year after Triton:   Building ongoing, industry-wide cyber resilience"},"content":{"rendered":"<p><strong>Credit to Author: Andrew Kling| Date: Wed, 08 Aug 2018 00:03:12 +0000<\/strong><\/p>\n<p><em><strong> Cybersecurity Blog Series:\u00a0 Part 1<\/strong><\/em><\/p>\n<p>One year ago cybersecurity experts discovered the world\u2019s first known cyberattack on a safety instrumented system. Some called it Triton. Others named it TRISIS. Still others, Hatman. Yet regardless of the name, everyone agrees that it prompted a call to action for every industrial process and manufacturing enterprise in the era of the Industrial Internet of Things (IIoT). What was once considered theoretical became a real threat to every industrial safety system, everywhere in the world, no matter who designed, engineered, built or operates it.<\/p>\n<p><strong>Where do we go from here?<\/strong><\/p>\n<p>As a director of cybersecurity and architecture at Schneider Electric, I have been intimately involved in the Triton investigation, exploration of the attack\u2019s industry-wide implications, and steps to strengthen resiliency both in the here and now and for tomorrow. I am encouraged by the progress made over the last year, yet there is more work ahead. 
In fact, building cybersecurity resilience is an ongoing pursuit if we\u2019re to ensure the reliability and safety of assets in an increasingly digital world.<\/p>\n<p>As we reflect on the lessons of Triton and what we can do to combat future threats, Schneider Electric continues to encourage a three-pronged approach to creating a stronger global cyberculture:<\/p>\n<ul>\n<li>Aggressive \u201ccybersecurity by design,\u201d including cyber hardening of platforms on the part of designers and engineers and throughout the entire supply chain, along with rapid adoption and education on best practices and procedures on the part of plant operators and owners.<\/li>\n<li>Consistent and widespread adherence to global security standards across the operational technology spectrum.<\/li>\n<li>Open and honest collaboration among plant asset owners, suppliers, designers, engineers, plant operators, third-party providers, integrators, standards bodies and government agencies around the world.<\/li>\n<\/ul>\n<p><strong>Thinking beyond the technology<\/strong><\/p>\n<p>Fifteen years ago, before the advent of the IIoT, the cyber threats we face today were unimaginable. In the case of Triton, the Schneider Electric controller at the targeted facility performed as designed, bringing the plant to a safe state via a shutdown and thus averting a disaster. The subsequent investigation identified security lapses onsite, however, that allowed the perpetrator (recently identified as Xenotime) to infiltrate the system via more sophisticated means than our industry had seen previously. 
It\u2019s now clear that to shut the door on future, Triton-like attacks, adopting an end-to-end security approach is critical \u2014 from product design to installation to rigorous onsite operations.<\/p>\n<p> <img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-large wp-image-50665\" src=\"https:\/\/blog.schneider-electric.com\/wp-content\/uploads\/2018\/08\/Triton-Infographic-Final-854x1024.jpg\" alt=\"\" width=\"854\" height=\"1024\" srcset=\"https:\/\/blog.schneider-electric.com\/wp-content\/uploads\/2018\/08\/Triton-Infographic-Final-854x1024.jpg 854w, https:\/\/blog.schneider-electric.com\/wp-content\/uploads\/2018\/08\/Triton-Infographic-Final-250x300.jpg 250w, https:\/\/blog.schneider-electric.com\/wp-content\/uploads\/2018\/08\/Triton-Infographic-Final-768x921.jpg 768w, https:\/\/blog.schneider-electric.com\/wp-content\/uploads\/2018\/08\/Triton-Infographic-Final.jpg 1575w\" sizes=\"auto, (max-width: 854px) 100vw, 854px\" \/> <\/p>\n<p style=\"text-align: center\"><a href=\"https:\/\/blog.schneider-electric.com\/wp-content\/uploads\/2018\/08\/Triton-Infographic-.pdf\">Click to view Infographic<\/a><\/p>\n<p><strong>Call to action for strict standards and adherence<\/strong><\/p>\n<p>The need to <a href=\"https:\/\/www.schneider-electric.com\/en\/work\/services\/field-services\/industrial-automation\/industrial-cybersecurity\/industrial-cybersecurity.jsp\">update legacy systems and processes<\/a> is clear. But Triton also exposed the urgency for suppliers, designers, engineers, industrial plant operators\/owners, third-party providers, integrators, standards bodies, and government agencies around the world to adopt and adhere to cybersecurity standards for process control systems. One of those is IEC 62443, a rigorous standard for industrial automation technology that safeguards operations across multiple layers. 
And there are others, such as the French GTCSI (ANSSI) standard and ISO 27001.<\/p>\n<p>In addition to standards, we must look holistically at the current threatscape. Standards often advise a methodical, hierarchical approach to security, whereby vulnerabilities are ranked in order from high to low risk. A device directly connected to a controller, for example, is \u201chigh risk,\u201d and \u201clow risk\u201d vulnerabilities are those such as malicious emails with an embedded link. When it comes to advanced persistent threats (APTs) such as the one carried out by Xenotime, however, the full spectrum of vulnerabilities \u2013 from low to high risk \u2013 is likely being exploited simultaneously. Addressing them one at a time is simply insufficient. In addition to taking a wider-view stance, we can build effective defenses by:<\/p>\n<ul>\n<li>Finding and eliminating our most severe vulnerabilities, no matter how the risk is tiered;<\/li>\n<li>Scrutinizing the techniques used by the APT groups and, in turn, defending against those attack vectors as well; and<\/li>\n<li>Working together as an industry to advance safety in the digital landscape.<\/li>\n<\/ul>\n<p><strong>Addressing the shift from theory to reality<\/strong><\/p>\n<p>The presence of malicious attacks at this level is our new reality. We have the means to ward off \u201csuccessful\u201d attacks \u2014 as well as build and advance a resilient \u201cdetect and respond\u201d cybersecurity strategy across all levels of an industrial enterprise \u2014 but only if we take immediate, collective action. Now is the time for this collaborative effort.<\/p>\n<p>I\u2019ll be sharing additional thoughts on preventing cyberattacks in this blog series. 
Up next, we\u2019ll examine current legislation and its role in the prevention of future attacks.<\/p>\n<p>For more insight from Schneider Electric on cybersecurity, download our whitepaper: \u201c<a href=\"https:\/\/emea01.safelinks.protection.outlook.com\/?url=http%3A%2F%2Fvsstatic.lvl3.on24.com%2Fevent%2F16%2F00%2F01%2F3%2Frt%2F1%2Fresources%2FCybersecurity%2520Best%2520Practices%2520whitepaper-A7EF.pdf&amp;data=02%7C01%7Candrew.kling%40schneider-electric.com%7Cf1ffcec8a52343ee7eb408d5f7d032d3%7C6e51e1adc54b4b39b5980ffe9ae68fef%7C0%7C0%7C636687395944124751&amp;sdata=CdmMbpGlqMNw95Bh1A5zTQgJbbTJnc7RK%2BqFyygooIM%3D&amp;reserved=0\">Cybersecurity Best Practices<\/a>\u201d.<\/p>\n<p>&nbsp;<\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.schneider-electric.com\/cyber-security\/2018\/08\/07\/one-year-after-triton-building-ongoing-industry-wide-cyber-resilience\/\">One year after Triton:   Building ongoing, industry-wide cyber resilience<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.schneider-electric.com\">Schneider Electric Blog<\/a>.<\/p>\n<p><a href=\"https:\/\/blog.schneider-electric.com\/cyber-security\/2018\/08\/07\/one-year-after-triton-building-ongoing-industry-wide-cyber-resilience\/\" target=\"bwo\" >http:\/\/blog.schneider-electric.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Andrew Kling| Date: Wed, 08 Aug 2018 00:03:12 +0000<\/strong><\/p>\n<p>Cybersecurity Blog Series:\u00a0 Part 1 One year ago cybersecurity experts discovered the world\u2019s first known cyberattack on a safety instrumented system. Some called it Triton. Others named it TRISIS. 
Still&#8230;  <a href=\"https:\/\/blog.schneider-electric.com\/cyber-security\/2018\/08\/07\/one-year-after-triton-building-ongoing-industry-wide-cyber-resilience\/\" title=\"ReadOne year after Triton:   Building ongoing, industry-wide cyber resilience\">Read more &#187;<\/a><\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.schneider-electric.com\/cyber-security\/2018\/08\/07\/one-year-after-triton-building-ongoing-industry-wide-cyber-resilience\/\">One year after Triton:   Building ongoing, industry-wide cyber resilience<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.schneider-electric.com\">Schneider Electric Blog<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[12389,12388],"tags":[6148,13177,12608,10629,4500,17984,12554,19170,12411,19171,17005],"class_list":["post-13039","post","type-post","status-publish","format-standard","hentry","category-scadaics","category-schneider","tag-automation","tag-cyber-attacks","tag-cyber-security","tag-cyberattacks","tag-cybersecurity","tag-cybersecurity-standards","tag-industrial-cybersecurity","tag-industrial-process","tag-oil-and-gas","tag-safety-instrumented-systems","tag-triton"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/13039","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=13039"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/in
dex.php\/wp-json\/wp\/v2\/posts\/13039\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=13039"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=13039"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=13039"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}